CVE-2020-9392

HIGH Year: 2020
CVSS v3 Score
7.3
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-276
View all →

Vulnerability Description

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.

Related Vulnerabilities

CVE-2019-19490

HIGH
CVSS:7.3(High)

LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe.

CWE-2762019

CVE-2019-2200

HIGH
CVSS:7.3(High)

In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escala...

CWE-2762019

CVE-2020-0133

HIGH
CVSS:7.3(High)

In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution pri...

CWE-2762020

CVE-2020-10049

HIGH
CVSS:7.3(High)

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to inclu...

CWE-2762020

CVE-2020-12510

HIGH
CVSS:7.3(High)

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which...

CWE-2762020

CVE-2020-15843

HIGH
CVSS:7.3(High)

ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Inst...

CWE-2762020